tue04feb2:00 pm5:00 pmSecure Cloud Application Development through Security Service Level AgreementTutorial2:00 pm - 5:00 pm Aula 155/4, Facoltà Di Ingegneria | Via Brecce Bianche, 12Track:06.Tutorial | Feb 4
Presenter Prof. Massimiliano Rak associate professor at University of Campania Luigi Vanvitelli. His scientific activity is mainly focused on the analysis and design security and performance in System Architectures. He actively
Prof. Massimiliano Rak associate professor at University of Campania Luigi Vanvitelli. His scientific activity is mainly focused on the analysis and design security and performance in System Architectures. He actively participate to international research groups and was member of several EU, National and Regional funded projects, moreover, he coordinated the SPECS FP7 European project. Massimiliano Rak has published more than 150 papers in conferences, books and international journals.
Recent software development methodologies, as DevOps or Agile, are very popular and widely used, especially for the development of cloud services and applications, they can be hardly integrated with security design and risk management methodologies. Security techniques cannot easily automated and require big economic investments, due to the necessity of security experts in the development team and to the lack of automatic tools to evaluate risk and to assess security in the design and operation phases. This Tutorial aims at illustrating the techniques and tools developed in the context of SPECS and MUSA European projects that support the development of cloud application through a novel Security-by-Design methodology based on Security Service Level Agreements (SLAs). The technique illustrated in the tutorial will cover (semi-) automated risk analysis, Security assessment and security SLA evaluation. During the tutorial a simple and practical example of cloud application will be illustrated and developed. Participants will be invited to contribute to the development and check and use the tools.
Structure of the tutorial
The tutorial consists in 6 blocks of 30 minutes, 3 of them with oral speechs and 3 of them with hands on the tools.
- Module 1 (speech): security SLA Model and Concepts
- Module 2 (hands on): Security SLA Evaluation and security SLA of existing CSPs
- Module 3 (speech): SLA-based Security-by-Design Development Process
- Module 4 (hands on): Application Model and Automated Risk Analysis
- Module 5 (speech): Security Assessment procedure
- Module 6 (hands on): Security Assessment of a simple cloud application
The target audience should have basic security competences. Competences on cloud technologies are welcome.
(Tuesday) 2:00 pm - 5:00 pm
Facoltà Di Ingegneria | Via Brecce Bianche, 12